The PoSeID-on tool uses smart contracts and a permissioned blockchain.
The European Union's (EU) General Data Protection Regulation (GDPR) is a major step forward for online privacy, but it still prevents users with limited resources from managing exactly how their data is used. Financed with European funds, PoSeID-on aims to fill this gap with what researchers call a 'privacy-enhanced dashboard'. TECNALIA has developed a tool that enables users of online services from governments and private and public organisations to take control of their data.
'When using the privacy-enhanced dashboard, citizens will have easy, intelligible, transparent, and concise access to their personal data,' says Roberta Lotti, coordinator of the project, representing the Italian Ministry of Economy and Finance. 'They will know how their personally identifiable information (PII) is tracked and through which service. They will monitor and manage how private and public organisations process this data. In addition, they will act as data controllers or data providers by allowing, restricting or revoking access permissions'.
PoSeID-on uses a permissioned blockchain and smart contracts: self-executing code that enables contextual assurance regarding accountability, transparency and compliance with data protection rights. Ultimately, the team created an integrated GDPR-compliant prototype. It features a user-friendly interface, open-source, interoperable information and communication technology (ICT) components that can be integrated into any private or public ICT architecture, and a cloud-based version of the privacy-enhanced dashboard offered as a service. The latter is specifically targeted at organisations that cannot afford their own GDPR-compliant blockchain or cloud tool.
Use cases in Spain, France, Italy and Malta
The team tested these solutions through four use cases in Spain, France, Italy and Malta. In France, Softeam developed a business process management platform called 'e-Citiz', which allows customers to manage access to their data through a single platform. In Italy, it was integrated into the internal service provider platform NoiPA, which is used by the Ministry of Economy and Finance. The Maltese use case meant that MITA (an organisation in charge of implementing software for the government) did not have to resend information to any other government entity if it had already been sent to one. Finally, in the Spanish use case, the Santander City Council tested more efficient digital services with complete data management options.
In these four countries, users were particularly satisfied with the results. 'For citizens, PoSeID-on is an empowering tool,' Lotti adds. 'They can finally control their personal data and have a clear overview of the consent they gave and the data shared with third parties. In turn, they have the possibility to withdraw those permissions at any time'.
The process is simple and easy to use. To access the cloud dashboard, citizens can use standard e-ID accounts. When logged in, users immediately see global scores and service-specific risks that indicate levels of privacy exposure. It is up to them to decide which of these services can maintain access to their data.
Public and private organisations also benefit
Public bodies can integrate new services into the platform to make routine procedures simpler and more transparent. Meanwhile, businesses can accelerate innovation through more efficient tools focused on user expectations and needs, while ensuring full compliance with current regulations and policies.
In the future, Lotti believes PoSeID-on will contribute to improving the security of public e-services and enhance digital processes. 'PoSeID-on will continue to expand its user base, tools and service ecosystem to reach a much broader spectrum of European organisations and citizens. Ultimately, it will be known for protecting fundamental rights, giving control back to citizens and ensuring the EU's role as an independent global leader in digital transformation,' she explains.
JIBE has already developed a new platform called 'dataU' that builds on the work of PoSeID-on and is seeking to have up to six clients working on validating the platform by the end of the year. The company expects to reach 1.9% of the total European population in five years.
TECNALIA acted as supplier of distributed ledger/blockchain technology and smart contracts, leading the design, development and integration of the blockchain-related parts of the PoSeID-on solution. It also supported the implementation of the Santander City Council pilot and led the testing and validation work.